Numerous Israeli IT, software development, and staffing services firms have been compromised with malware through Word and PDF documents that impersonate antivirus tools as part of the Operation IconCat campaign that commenced last month, Cyber Security News reports.
Intrusions began with the distribution of a PDF file spoofing a Check Point security scanner manual, which lures targets into downloading a password-protected "Security Scanner" tool from Dropbox. The tool enables the download of the Python-based PYTRIC malware, which not only performs file scanning and checks admin privileges but also enables system data deletion and remote machine control, according to Seqrite Labs researchers.
In the second attack wave, threat actors then delivered a spear-phishing email purporting to be from Israeli human resources firm L.M Group that contained a corrupted Word file. Concealed macros in the Word document allowed the injection of the RUSTRIC malware, which monitors for over two dozen antivirus offerings.




